2 NICs, 1 public 1 private, can't fully separate?

K5KTF

Jan 30, 2026
Migrating from {puke} VirtualBox... (quite impressed with Proxmox so far over VB!)

2 hardware NICs in the host:
1 plugs into the back of the ISP-provided switch (behind their modem) for public IP use,
1 into my switch behind my router (for LAN private IPs), of which the WAN then goes to the ISP switch.

I have 5 statics from my ISP, 1 used by my router which then handles the private LAN.
I use the other publics in VMs; each VM uses 1 public.

When I set up Proxmox, it created VMBR0, and I put that as the private LAN, and I have moved VMs that don't touch the outside over; they work great.
I have tried to set up VMBR1, but I get the error about there already being a gateway. I have seen other posts and responses, but none seem to do what I need:
All private LAN routes to my router as the LAN GW.
All but 1 public on the host for individual VMs to use and use the public IP GW.

The GUI obviously can't do this, so I'm curious if there is some direct config-file way?

If I missed something in online docs, please pop me a link and I'll gladly RTFM...

Thanks
 
Do you get Default gateway already exists on interface 'vmbr0'?

If I understood your setup correctly, you have vmbr0 on the private LAN with the default gateway also via the LAN (vmbr0). Everything on the private LAN subnet should use the LAN gateway, and everything else should be routed via the second network on vmbr1. That works by moving the default gateway to vmbr1. You can change that using the web interface: remove the default gateway from vmbr0, add the correct entry to vmbr1, then apply the configuration.

You can check your routing config with ip route get <some ip>

The relevant documentation section: [0]

[0]: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#sysadmin_network_configuration
 
Maybe this will help visualize my setup:

In VirtualBox, NIC0 has a private 192.168 IP and .1 as GW;
NIC1 is set as 0.0.0.0/DHCP (which never actually gets an IP from the ISP), and the VMs then just tie to each NIC as set up in their own configs with IPs statically set.

ISPswitch -> x.x.x.94 (public static w/.89 as GW @ modem) -> WAN -router- LAN -> 24p sw (192.168.x.x) -> NIC0 -> VMBR0
ISPswitch -> x.x.x.90/91/92/93 (public statics w/.89 as GW @ modem) -> NIC1

Some VMs have both a public and private IP on separate virtual NICs (tied to nic0 and nic1 respectively).

I'd like all LAN VM traffic to go through my router for LAN gateway, and all public traffic to go through their own public IP through the .89 ISP GW.

Would I just do the same here? I guess I could try on a test VM and see.
If there is a better way, I'm all eyes/ears, and really appreciate any advice/help.
Thanks!
 
OK, I just tried this and it appears to work (putting here for anyone else who needs it):

created (in PM GUI) VMBR1 with 0.0.0.0/16 IP, no gateway, "bridge ports" NIC1 (2nd nic);
added 2nd virtual NIC to a VM, tying to VMBR1;
In the OS, I manually/static set the enp0s19 (2nd OS NIC) as the .92/28 public and .89 gateway;
systemctl restart NetworkManager;
ping from a totally other machine started going through!

This was the last hurdle to get the other VMs off VB and nuke that old host.....

Thanks for guiding me to the answer!!
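
Added example (not part of any post in this thread, and not Proxmox's own code): a small Python check that parses an ifupdown-style /etc/network/interfaces, the file Proxmox VE keeps its bridge definitions in, and reports the two conditions this thread turns on: more than one default gateway on the host, and a host address on the public-facing bridge. The sample config, the interface names eno1/eno2, the addresses and the function names are constructed; vmbr1 is shown with no host address at all, which is an assumption rather than the 0.0.0.0/16 entered above.

```python
# Constructed sample: vmbr0 = private LAN with the host's only gateway,
# vmbr1 = public segment bridged through to VMs, no host address or gateway.
SAMPLE = """\
auto lo
iface lo inet loopback
iface eno1 inet manual
iface eno2 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.1.10/24
    gateway 192.168.1.1
    bridge-ports eno1

auto vmbr1
iface vmbr1 inet manual
    bridge-ports eno2
"""

def parse_ifaces(text):
    """Return {iface: {option: value}} for every 'iface' stanza."""
    ifaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        if words[0] == "iface" and len(words) >= 4:
            current = ifaces.setdefault(words[1], {"method": words[3]})
        elif words[0] in ("auto", "allow-hotplug", "source", "source-directory"):
            current = None  # these lines end the previous stanza
        elif current is not None:
            current[words[0].replace("_", "-")] = " ".join(words[1:])
    return ifaces

def audit(text, public_bridge):
    """Flag extra default gateways and a host address on the public bridge."""
    ifaces = parse_ifaces(text)
    findings = []
    gateways = [name for name, opts in ifaces.items() if "gateway" in opts]
    if len(gateways) > 1:
        findings.append("multiple default gateways: " + ", ".join(gateways))
    if "address" in ifaces.get(public_bridge, {}):
        findings.append(public_bridge + " has a host address on the public segment")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "vmbr1") or "no findings")
```

With this layout each VM attached to vmbr1 sets its own public IP and the ISP gateway inside the guest, while the host itself keeps a single default route via the LAN.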